- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-201404-07 (OpenSSL: Information Disclosure)
Multiple vulnerabilities have been found in OpenSSL:
OpenSSL incorrectly handles memory in the TLS heartbeat extension, leading to information disclosure of 64kb per request, possibly including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only, CVE-2014-0160).
The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076).
Impact :
A remote attacker could exploit these issues to disclose information, including private keys or other sensitive information, or perform side-channel attacks to obtain ECDSA nonces.
Workaround :
Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top